| knb:wireguard-offloader [2020/07/06 22:35] – lqb | knb:wireguard-offloader [2020/07/07 06:04] (aktuell) – lqb | ||
|---|---|---|---|
| Zeile 15: | Zeile 15: | ||
| - | ===== Create | + | ===== / |
| + | Daten müssen bei FFMUC erfragt und in die Variablen eingepflegt werden. | ||
| + | |||
| + | mk_config.boot.sh: | ||
| <code bash> | <code bash> | ||
| #!/bin/bash | #!/bin/bash | ||
| - | #USERNMAE/PASSWORD: ubnt/ubnt | + | #USERNAME/PASSWORD: ubnt/ubnt |
| HOST_NAME=" | HOST_NAME=" | ||
| Zeile 62: | Zeile 65: | ||
| - | mk_config.boot.sh: | + | |
| cat<< | cat<< | ||
| firewall { | firewall { | ||
| Zeile 121: | Zeile 124: | ||
| description " | description " | ||
| destination { | destination { | ||
| - | address $CLIENT1_IPV6 | + | address $CLIENT1_IPV6 |
| port 22 | port 22 | ||
| } | } | ||
| Zeile 196: | Zeile 199: | ||
| description " | description " | ||
| destination { | destination { | ||
| - | address $CLIENT1_IPV4 | + | address $CLIENT1_IPV4 |
| port 22 | port 22 | ||
| } | } | ||
| Zeile 261: | Zeile 264: | ||
| duplex auto | duplex auto | ||
| poe { | poe { | ||
| - | output | + | output |
| } | } | ||
| speed auto | speed auto | ||
| Zeile 268: | Zeile 271: | ||
| } | } | ||
| switch switch0 { | switch switch0 { | ||
| - | address $HOST_IPV4 | + | address $HOST_IPV4 |
| - | address $HOST_IPV6 | + | address $HOST_IPV6 |
| firewall { | firewall { | ||
| out { | out { | ||
| Zeile 284: | Zeile 287: | ||
| max-interval 600 | max-interval 600 | ||
| other-config-flag false | other-config-flag false | ||
| - | prefix $HOST_IPV6_PREFIX { #VAR | + | prefix $HOST_IPV6_PREFIX { |
| autonomous-flag true | autonomous-flag true | ||
| on-link-flag true | on-link-flag true | ||
| Zeile 308: | Zeile 311: | ||
| } | } | ||
| wireguard wg0 { | wireguard wg0 { | ||
| - | address $WG0_IPV4 | + | address $WG0_IPV4 |
| - | address $WG0_IPV6 | + | address $WG0_IPV6 |
| listen-port 51822 | listen-port 51822 | ||
| mtu 1406 | mtu 1406 | ||
| Zeile 315: | Zeile 318: | ||
| allowed-ips 0.0.0.0/0 | allowed-ips 0.0.0.0/0 | ||
| allowed-ips ::/0 | allowed-ips ::/0 | ||
| - | endpoint $WG0_ENDPOINT | + | endpoint $WG0_ENDPOINT |
| persistent-keepalive 25 | persistent-keepalive 25 | ||
| } | } | ||
| - | private-key $WG0_PRIVATE_KEY | + | private-key $WG0_PRIVATE_KEY |
| route-allowed-ips false | route-allowed-ips false | ||
| } | } | ||
| wireguard wg1 { | wireguard wg1 { | ||
| - | address $WG1_IPV4 | + | address $WG1_IPV4 |
| - | address $WG1_IPV6 | + | address $WG1_IPV6 |
| listen-port 51823 | listen-port 51823 | ||
| mtu 1406 | mtu 1406 | ||
| Zeile 329: | Zeile 332: | ||
| allowed-ips 0.0.0.0/0 | allowed-ips 0.0.0.0/0 | ||
| allowed-ips ::/0 | allowed-ips ::/0 | ||
| - | endpoint $WG1_ENDPOINT | + | endpoint $WG1_ENDPOINT |
| persistent-keepalive 25 | persistent-keepalive 25 | ||
| } | } | ||
| - | private-key $WG1_PRIVATE_KEY | + | private-key $WG1_PRIVATE_KEY |
| route-allowed-ips false | route-allowed-ips false | ||
| } | } | ||
| } | } | ||
| protocols { | protocols { | ||
| - | bgp $BGP_AS { #VAR | + | bgp $BGP_AS { |
| address-family { | address-family { | ||
| ipv6-unicast { | ipv6-unicast { | ||
| Zeile 349: | Zeile 352: | ||
| ebgp 4 | ebgp 4 | ||
| } | } | ||
| - | neighbor $BGP_NEIGHBOR1_IPV4 { #VAR | + | neighbor $BGP_NEIGHBOR1_IPV4 { |
| remote-as 65132 | remote-as 65132 | ||
| soft-reconfiguration { | soft-reconfiguration { | ||
| Zeile 355: | Zeile 358: | ||
| } | } | ||
| } | } | ||
| - | neighbor $BGP_NEIGHBOR2_IPv4 { #VAR | + | neighbor $BGP_NEIGHBOR2_IPv4 { |
| remote-as 65132 | remote-as 65132 | ||
| soft-reconfiguration { | soft-reconfiguration { | ||
| Zeile 361: | Zeile 364: | ||
| } | } | ||
| } | } | ||
| - | neighbor $BGP_NEIGHBOR1_IPv6 { #VAR | + | neighbor $BGP_NEIGHBOR1_IPv6 { |
| address-family { | address-family { | ||
| ipv6-unicast { | ipv6-unicast { | ||
| Zeile 371: | Zeile 374: | ||
| } | } | ||
| } | } | ||
| - | neighbor $BGP_NEIGHBOR2_IPv6 { #VAR | + | neighbor $BGP_NEIGHBOR2_IPv6 { |
| address-family { | address-family { | ||
| ipv6-unicast { | ipv6-unicast { | ||
| Zeile 412: | Zeile 415: | ||
| table 11 { | table 11 { | ||
| route 0.0.0.0/0 { | route 0.0.0.0/0 { | ||
| - | next-hop $BGP_NEXTHOP_IPV4 { #VAR | + | next-hop $BGP_NEXTHOP_IPV4 { |
| } | } | ||
| } | } | ||
| route6 ::/0 { | route6 ::/0 { | ||
| - | next-hop $BGP_NEXTHOP_IPV6 { #VAR | + | next-hop $BGP_NEXTHOP_IPV6 { |
| } | } | ||
| } | } | ||
| Zeile 428: | Zeile 431: | ||
| shared-network-name internal { | shared-network-name internal { | ||
| authoritative disable | authoritative disable | ||
| - | subnet $DHCP_SUBNET { #VAR | + | subnet $DHCP_SUBNET { |
| - | default-router $DHCP_DEFAULT_ROUTER | + | default-router $DHCP_DEFAULT_ROUTER |
| - | dns-server $DHCP_DNS | + | dns-server $DHCP_DNS |
| lease 600 | lease 600 | ||
| - | start $DHCP_START { #VAR | + | start $DHCP_START { |
| - | stop $DHCP_STOP | + | stop $DHCP_STOP |
| } | } | ||
| unifi-controller 195.30.94.28 | unifi-controller 195.30.94.28 | ||
| Zeile 453: | Zeile 456: | ||
| } | } | ||
| snmp { | snmp { | ||
| - | community $SNMP_COMMUNITY { #VAR | + | community $SNMP_COMMUNITY { |
| authorization ro | authorization ro | ||
| } | } | ||
| - | contact $SNMP_CONTACT | + | contact $SNMP_CONTACT |
| - | description $SNMP_DESCRIPTION | + | description $SNMP_DESCRIPTION |
| - | location $SNMP_LOCATION | + | location $SNMP_LOCATION |
| } | } | ||
| ssh { | ssh { | ||
| Zeile 496: | Zeile 499: | ||
| syslog-facility daemon | syslog-facility daemon | ||
| } | } | ||
| - | host-name $HOST_NAME | + | host-name $HOST_NAME |
| login { | login { | ||
| user ubnt { | user ubnt { | ||
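Review bot: The comment corrected in the first hunk (Zeile 15), `#USERNAME/PASSWORD: ubnt/ubnt`, indicates that the generated config.boot keeps the factory login, while the same template carries firewall rules for port 22, an `ssh` service block and `user ubnt` in the last hunk; the login block continues outside the visible lines, so this is inferred from the comment only. I would turn the password into a variable like the other site-specific values and say so in the header, e.g. `#Default login ubnt/ubnt - set a new password before the device goes online`. Separately, the BGP hunks (Zeile 352 to 374) reference `$BGP_NEIGHBOR2_IPv4`, `$BGP_NEIGHBOR1_IPv6` and `$BGP_NEIGHBOR2_IPv6` with a lower-case `v`, whereas `$BGP_NEIGHBOR1_IPV4` and every other variable is upper-case. The assignments are not visible here, but if they are spelled `IPV4`/`IPV6`, these names expand to empty strings in the heredoc and the neighbors are written without an address. Adding `set -u` after the shebang would make the script abort on an unset variable instead of writing a broken config.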